-Rwx------

**Name of the Vulnerable Software and Affected Versions** HedEx versions prior to V200R006C00 **Description** The issue allows an attacker to download arbitrary files on a target device, potentially causing information leaks. **Recommendations** For versions prior to V200R006C00, update to V200R006C00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HedEx versions earlier than V200R006C00 **Description** The issue is related to a dynamic link library (DLL) hijacking vulnerability. This occurs because the software calls a DLL file by accessing a relative path, allowing an attacker to potentially tamper with the DLL file and lead to DLL hijacking. **Recommendations** For versions earlier than V200R006C00, update to V200R006C00 or later to resolve the issue. As a temporary workaround, consider restricting access to the relative path used to call the DLL file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HedEx versions earlier than V200R006C00 **Description** The issue allows an attacker to trick a user into accessing a website containing malicious scripts, potentially tampering with configurations and interrupting normal services due to a cross-site request forgery (CSRF) issue. **Recommendations** For versions earlier than V200R006C00, update to V200R006C00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HedEx versions prior to V200R006C00 **Description** The issue allows attackers to exploit a stored cross-site scripting (XSS) vulnerability, enabling them to plant malicious scripts into the configuration file and interrupt the services of legitimate users. **Recommendations** For versions prior to V200R006C00, update to V200R006C00 or later to resolve the issue.